So what you are saying is to have the same NFQUEUE rules in both SECTION ALL and SECTION NEW, right? Our rules file would look like this:
SECTION ALL
NFQUEUE(0)      net     $FW     tcp     80,443  -
NFQUEUE(0)      $FW     net     tcp     -       80,443
#SECTION ESTABLISHED
#SECTION RELATED
#SECTION INVALID
#SECTION UNTRACKED
SECTION NEW
# Drop packets in the INVALID state
Invalid(DROP)   net     $FW     tcp
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
Ping(DROP)      net     $FW
# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT          $FW     net     icmp
NFQUEUE(0)      net     $FW     tcp     80,443  -
NFQUEUE(0)      $FW     net     tcp     -       80,443

By the way, this seems to be working. Obviously, when the suricata service is stopped, no HTTP traffic is allowed through. Filippo provided a solution to this point, but I don't know if we want to allow traffic if suricata is not running... Tom, can you confirm our rules file is in the form that you suggested?

-----Original Message-----
From: Tom Eastep
Sent: Tuesday, May 19, 2015 1:37 PM
To: [email protected]
Subject: Re: [Shorewall-users] Shorewall with Suricata in IPS mode

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
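A check that goes with the rules above, added here as an example (it is not code from this thread, from Shorewall or from Suricata): it reads /proc/net/netfilter/nfnetlink_queue to tell whether any userspace program is bound to queue 0, which is exactly the condition under which the NFQUEUE rules stop passing HTTP traffic once Suricata is down. The file path and column layout are those of the kernel's nfnetlink_queue module; the NFQ_PROC variable and the two function names are assumptions of mine.

```shell
#!/bin/sh
# Report whether a userspace listener (e.g. "suricata -q 0") is bound to an
# NFQUEUE queue, by reading /proc/net/netfilter/nfnetlink_queue.
# One line per bound queue; columns as printed by the kernel's
# net/netfilter/nfnetlink_queue.c:
#   queue_num peer_portid queue_total copy_mode copy_range
#   queue_dropped queue_user_dropped id_sequence 1
# A queue is listed only while a listener is bound to it. When Suricata
# stops, the line for its queue disappears and the kernel drops every
# packet the NFQUEUE rules send there, unless the rule was created with
# the NFQUEUE bypass option, which makes it behave like ACCEPT instead.

NFQ_PROC=${NFQ_PROC:-/proc/net/netfilter/nfnetlink_queue}   # assumed name

# nfq_listener QUEUE [FILE]
# Exit 0 and print "queue Q portid P backlog B dropped D userdropped U"
# when a listener is bound to QUEUE; exit 1 when none is; exit 2 when
# FILE is unreadable (nfnetlink_queue module not loaded, or not root).
nfq_listener() {
    q=$1
    f=${2:-$NFQ_PROC}
    if [ ! -r "$f" ]; then
        echo "cannot read $f (is nfnetlink_queue loaded?)" >&2
        return 2
    fi
    line=$(awk -v q="$q" '$1 == q { print; exit }' "$f")
    if [ -z "$line" ]; then
        echo "queue $q: no userspace listener bound" >&2
        return 1
    fi
    # shellcheck disable=SC2086  # word-splitting the row is intended
    set -- $line
    echo "queue $1 portid $2 backlog $3 dropped $6 userdropped $7"
    return 0
}

# nfq_check_all QUEUE...: exit 1 if any of the given queues lacks a
# listener, so it can gate an alert or a Suricata restart from cron.
nfq_check_all() {
    rc=0
    for q in "$@"; do
        nfq_listener "$q" || rc=1
    done
    return $rc
}

# Usage once sourced: nfq_listener 0        (the queue used in the rules)
#                     nfq_check_all 0 1     (several queues at once)
```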
